Analysis
-
max time kernel
140s -
max time network
122s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
10-08-2024 21:38
Static task
static1
Behavioral task
behavioral1
Sample
87c546ddba0607b2543381afb9f1d52d_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
87c546ddba0607b2543381afb9f1d52d_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
87c546ddba0607b2543381afb9f1d52d_JaffaCakes118.exe
-
Size
16KB
-
MD5
87c546ddba0607b2543381afb9f1d52d
-
SHA1
e1ada5357655faeb8644e42289fcd2b0d3ac1a0d
-
SHA256
1fc854fd49e319f8e87ece6ba2b8d231e7bf71efffae6f3a8b7df36868dd750c
-
SHA512
efb39f366cdcc9578c756ae1bc9519c4ba19dff8be0f0542a7a58c913365fc26b1b108ee035b02fd302849ce26c2ffc8cd4ebfe818eb9870b3dddbcae40901c7
-
SSDEEP
96:qTwlaXuOxPt3EIh4+C7VSxKgKk0lWMICQw+x6ahavdE24D7ewbno:qVXP7wsx+k0lWMI1hhP0
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Apptask32 = "C:\\Windows\\Datacheck" 87c546ddba0607b2543381afb9f1d52d_JaffaCakes118.exe -
Drops file in Windows directory 2 IoCs
description ioc Process File created C:\Windows\DataCheck.exe 87c546ddba0607b2543381afb9f1d52d_JaffaCakes118.exe File opened for modification C:\Windows\DataCheck.exe 87c546ddba0607b2543381afb9f1d52d_JaffaCakes118.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 87c546ddba0607b2543381afb9f1d52d_JaffaCakes118.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2936 87c546ddba0607b2543381afb9f1d52d_JaffaCakes118.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\87c546ddba0607b2543381afb9f1d52d_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\87c546ddba0607b2543381afb9f1d52d_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2936